General
-
Target
62829f4b6e866f5f1b128fa4dd1931e46dad0b1150d0b4869d62908090a82591
-
Size
3.9MB
-
Sample
230129-w6z2gaad8s
-
MD5
ad66e94e62c9d256278afeb29dd1086e
-
SHA1
a93baf516b7fae8ed07ef5798d95bc43aad1db9e
-
SHA256
62829f4b6e866f5f1b128fa4dd1931e46dad0b1150d0b4869d62908090a82591
-
SHA512
73131be90cfe7c3c8730bade6d6fed731890927a8be98283c1af745e0ce80eca62555faa62144709e19ab420700a51dbe3dd86c90bdc99c60d7831bcd3a8fc57
-
SSDEEP
49152:gtXIcARwuEX0ePpqpxIqrHp6VSt2NOTkGOFvN2Kwk8cvEFCaTWOO0LywozjV+dK:gtZukZPixdwVSY41O72l6unof3
Static task
static1
Behavioral task
behavioral1
Sample
62829f4b6e866f5f1b128fa4dd1931e46dad0b1150d0b4869d62908090a82591.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
62829f4b6e866f5f1b128fa4dd1931e46dad0b1150d0b4869d62908090a82591.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
62829f4b6e866f5f1b128fa4dd1931e46dad0b1150d0b4869d62908090a82591
-
Size
3.9MB
-
MD5
ad66e94e62c9d256278afeb29dd1086e
-
SHA1
a93baf516b7fae8ed07ef5798d95bc43aad1db9e
-
SHA256
62829f4b6e866f5f1b128fa4dd1931e46dad0b1150d0b4869d62908090a82591
-
SHA512
73131be90cfe7c3c8730bade6d6fed731890927a8be98283c1af745e0ce80eca62555faa62144709e19ab420700a51dbe3dd86c90bdc99c60d7831bcd3a8fc57
-
SSDEEP
49152:gtXIcARwuEX0ePpqpxIqrHp6VSt2NOTkGOFvN2Kwk8cvEFCaTWOO0LywozjV+dK:gtZukZPixdwVSY41O72l6unof3
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-